recog 2.3.18 → 2.3.19

data/xml/ftp_banners.xml

@@ -360,10 +360,11 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
 more stuff</example>
-    <param pos="0" name="service.fvendor" value="PureFTPd"/>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">

data/xml/html_title.xml

@@ -255,6 +255,7 @@
     <param pos="0" name="hw.vendor" value="Philips"/>
     <param pos="0" name="hw.product" value="Hue"/>
     <param pos="0" name="hw.device" value="Light Bulb"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:philips:hue:-"/>
   </fingerprint>
 
   <fingerprint pattern="LANDesk\(R\) Management Agent$">
@@ -595,6 +596,14 @@
     <param pos="0" name="hw.product" value="Lantick Ethernet Relay Controller"/>
   </fingerprint>
 
+  <fingerprint pattern="^XYTRONIX Relay$">
+    <description>Xytronix Relay</description>
+    <example>XYTRONIX Relay</example>
+    <param pos="0" name="hw.vendor" value="Xytronix"/>
+    <param pos="0" name="hw.device" value="Relay Controller"/>
+    <param pos="0" name="hw.product" value="Ethernet Relay Controller"/>
+  </fingerprint>
+
   <fingerprint pattern="^(myUTN(?:-[a-zA-Z0-9]+)?) Control Center$">
     <description>myUTN Device Server</description>
     <example hw.product="myUTN-50a">myUTN-50a Control Center</example>
@@ -1596,6 +1605,14 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:manageengine:opmanager:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^ManageEngine Desktop Central 9$">
+    <description>ManageEngine Desktop Central 9</description>
+    <example>ManageEngine Desktop Central 9</example>
+    <param pos="0" name="service.vendor" value="ManageEngine"/>
+    <param pos="0" name="service.product" value="Desktop Central"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:manageengine:desktop_central:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^ManageEngine ADAudit Plus$">
     <description>ManageEngineADAudit Plus</description>
     <example>ManageEngine ADAudit Plus</example>
@@ -1677,6 +1694,7 @@
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>
     <param pos="0" name="service.product" value="NetScaler Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler_gateway:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Citrix (?:NetScaler SDX|ADC SDX)$">
@@ -2181,6 +2199,14 @@
     <param pos="0" name="service.product" value="Kiwi Syslog"/>
   </fingerprint>
 
+  <fingerprint pattern="^SolarWinds Orion$">
+    <description>SolarWinds Orion</description>
+    <example>SolarWinds Orion</example>
+    <param pos="0" name="service.vendor" value="SolarWinds"/>
+    <param pos="0" name="service.product" value="Orion Platform"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:orion_platform:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^ClickShare Configurator$">
     <description>ClickShare Wireless Presenter</description>
     <example>ClickShare Configurator</example>
@@ -2511,6 +2537,7 @@
     <example>SolarWinds Virtualization Manager</example>
     <param pos="0" name="service.vendor" value="SolarWinds"/>
     <param pos="0" name="service.product" value="Virtualization Manager"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:virtualization_manager:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:Gitea: .*|LocalRepo|TurnKey Gitea)$">
@@ -2654,9 +2681,10 @@
     <param pos="0" name="service.product" value="Security Scanner"/>
   </fingerprint>
 
-  <fingerprint pattern="^Kodi$">
+  <fingerprint pattern="^(?:Chorus 2 - )?Kodi(?: web interface)?$">
     <description>Kodi Media Server</description>
     <example>Kodi</example>
+    <example>Chorus 2 - Kodi web interface</example>
     <param pos="0" name="service.vendor" value="Kodi"/>
     <param pos="0" name="service.product" value="Media Server"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:kodi:kodi:-"/>
@@ -2735,4 +2763,131 @@
     <param pos="0" name="os.product" value="Pulse Connect Secure"/>
   </fingerprint>
 
+  <fingerprint pattern="^Jellyfin$">
+    <description>Jellyfin media server</description>
+    <example>Jellyfin</example>
+    <param pos="0" name="service.vendor" value="Jellyfin"/>
+    <param pos="0" name="service.product" value="Media Server"/>
+  </fingerprint>
+
+  <fingerprint pattern="^proxmox - Proxmox Virtual Environment$">
+    <description>Proxmox open-source virtualization platform</description>
+    <example>proxmox - Proxmox Virtual Environment</example>
+    <param pos="0" name="service.vendor" value="Proxmox"/>
+    <param pos="0" name="service.product" value="Proxmox"/>
+    <param pos="0" name="os.vendor" value="Proxmox"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Proxmox"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Sony Network Camera$">
+    <description>Sony Network Camera</description>
+    <example>Sony Network Camera</example>
+    <param pos="0" name="hw.vendor" value="Sony"/>
+    <param pos="0" name="hw.device" value="IP Camera"/>
+    <param pos="0" name="hw.product" value="Network Camera"/>
+  </fingerprint>
+
+  <fingerprint pattern="Lifesize&amp;reg;$">
+    <description>Lifesize TelePresence</description>
+    <example>Lifesize&amp;reg;</example>
+    <example>400 - Bad Request	Lifesize&amp;reg;</example>
+    <param pos="0" name="hw.vendor" value="Lifesize"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="TelePresence"/>
+    <param pos="0" name="os.vendor" value="Lifesize"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="TelePresence"/>
+    <param pos="0" name="os.device" value="Video Conferencing"/>
+  </fingerprint>
+
+  <fingerprint pattern="^AT&amp;amp;T VPN Gateway$">
+    <description>ATT VPN Gateway</description>
+    <example>AT&amp;amp;T VPN Gateway</example>
+    <param pos="0" name="hw.vendor" value="ATT"/>
+    <param pos="0" name="hw.device" value="VPN"/>
+    <param pos="0" name="hw.product" value="VPN Gateway"/>
+  </fingerprint>
+
+  <fingerprint pattern="^AT&amp;amp;T U\d+: '([^']+)'$">
+    <description>ATT VPN Gateway w Hostname</description>
+    <example host.name="Austin-Boston">AT&amp;amp;T U115: 'Austin-Boston'</example>
+    <param pos="0" name="hw.vendor" value="ATT"/>
+    <param pos="0" name="hw.device" value="VPN"/>
+    <param pos="0" name="hw.product" value="VPN Gateway"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(?:Symantec Encryption Verified Directory|Symantec Encryption Server.*)$">
+    <description>Symantec PGP Key Management Server</description>
+    <example>Symantec Encryption Verified Directory</example>
+    <example>Symantec Encryption Server - Page Not Found</example>
+    <example>Symantec Encryption Server - Login</example>
+    <param pos="0" name="hw.vendor" value="Symantec"/>
+    <param pos="0" name="hw.device" value="Security Appliance"/>
+    <param pos="0" name="hw.product" value="Key Management Server"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Riverbed Technology, Inc\.$">
+    <description>Riverbed Steelhead Appliance</description>
+    <example>Riverbed Technology, Inc.</example>
+    <param pos="0" name="hw.vendor" value="Riverbed"/>
+    <param pos="0" name="hw.device" value="Security Appliance"/>
+    <param pos="0" name="hw.product" value="Steelhead"/>
+    <param pos="0" name="os.product" value="RiOS"/>
+    <param pos="0" name="os.vendor" value="Riverbed"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:riverbed:rios:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ClearPass - Aruba Networks$">
+    <description>ClearPass Policy Manager Appliance</description>
+    <example>ClearPass - Aruba Networks</example>
+    <param pos="0" name="hw.vendor" value="Aruba Networks"/>
+    <param pos="0" name="hw.device" value="Network Appliance"/>
+    <param pos="0" name="hw.product" value="ClearPass Policy Manager"/>
+    <param pos="0" name="service.vendor" value="Aruba Networks"/>
+    <param pos="0" name="service.device" value="Network Appliance"/>
+    <param pos="0" name="service.product" value="ClearPass Policy Manager"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:arubanetworks:clearpass_policy_manager:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^MSTR Collab Server$">
+    <description>MicroStrategy Collaboration Server</description>
+    <example>MSTR Collab Server</example>
+    <param pos="0" name="service.vendor" value="MicroStrategy"/>
+    <param pos="0" name="service.product" value="Collaboration Server"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Openfire Admin Console$">
+    <description>Openfire Admin Console</description>
+    <example>Openfire Admin Console</example>
+    <param pos="0" name="service.vendor" value="Ignite Realtime"/>
+    <param pos="0" name="service.product" value="OpenFire"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:igniterealtime:openfire:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^:: PBX in a Flash">
+    <description>PBX in a Flash</description>
+    <example>:: PBX in a Flash, Welcome!</example>
+    <param pos="0" name="hw.vendor" value="PIAF"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="PIAF Virtual Appliance"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Hak5 Cloud C">
+    <description>Hak5 Cloud c2</description>
+    <example>Hak5 Cloud C²</example>
+    <param pos="0" name="service.vendor" value="Hak5"/>
+    <param pos="0" name="service.product" value="Cloud C2"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Metabase$">
+    <description>Metabase</description>
+    <example>Metabase</example>
+    <param pos="0" name="service.vendor" value="Metabase"/>
+    <param pos="0" name="service.product" value="Metabase"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:metabase:metabase:-"/>
+  </fingerprint>
+
 </fingerprints>

data/xml/http_cookies.xml

@@ -49,6 +49,15 @@
     <param pos="0" name="service.product" value="Dynamo"/>
   </fingerprint>
 
+  <fingerprint pattern="^Bugzilla_login_request_cookie=.*">
+    <description>Bugzilla</description>
+    <example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
+    <param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
+    <param pos="0" name="service.vendor" value="Mozilla"/>
+    <param pos="0" name="service.product" value="Bugzilla"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
     <description>BEA WebLogic (with timestamp)</description>
     <param pos="1" name="cookie"/>
@@ -165,6 +174,15 @@
     <param pos="0" name="os.product" value="Pulse Connect Secure"/>
   </fingerprint>
 
+  <fingerprint pattern="^DokuWiki=.*">
+    <description>Dokuwiki</description>
+    <example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
+    <param pos="0" name="cookie" value="DokuWiki"/>
+    <param pos="0" name="service.vendor" value="Dokuwiki"/>
+    <param pos="0" name="service.product" value="Dokuwiki"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^(EktGUID|ecm)=.*">
     <description>Ektron CMS400.net</description>
     <param pos="1" name="cookie"/>
@@ -184,6 +202,15 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^i_like_gogits=.*">
+    <description>Gogs</description>
+    <example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
+    <param pos="0" name="cookie" value="i_like_gogits"/>
+    <param pos="0" name="service.vendor" value="Gogs"/>
+    <param pos="0" name="service.product" value="Gogs"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^(BigIPCookie)=.*">
     <description>F5 BIG-IP LTM</description>
     <param pos="1" name="cookie"/>
@@ -193,6 +220,25 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^i_like_gitea=.*">
+    <description>Gitea</description>
+    <example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
+    <param pos="0" name="cookie" value="i_like_gitea"/>
+    <param pos="0" name="service.vendor" value="Gitea"/>
+    <param pos="0" name="service.product" value="Gitea"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^_gitlab_session=.*">
+    <description>GitLab</description>
+    <param pos="0" name="cookie" value="_gitlab_session"/>
+    <param pos="0" name="service.vendor" value="GitLab"/>
+    <param pos="0" name="service.product" value="GitLab"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gitlab:gitlab:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
     <description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
     <param pos="1" name="cookie"/>
@@ -296,6 +342,16 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^phsid=.*">
+    <description>Phabricator</description>
+    <example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
+    <param pos="0" name="cookie" value="phsid"/>
+    <param pos="0" name="service.vendor" value="Phacility"/>
+    <param pos="0" name="service.family" value="Phabricator"/>
+    <param pos="0" name="service.product" value="Phabricator"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^(RMID)=.*">
     <description>RealMedia OpenAdStream</description>
     <param pos="1" name="cookie"/>
@@ -342,6 +398,15 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
   </fingerprint>
 
+  <fingerprint pattern="^_redmine_session=.*">
+    <description>Redmine</description>
+    <example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
+    <param pos="0" name="cookie" value="_redmine_session"/>
+    <param pos="0" name="service.vendor" value="Redmine"/>
+    <param pos="0" name="service.product" value="Redmine"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:redmine:redmine:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
     <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
     <param pos="1" name="cookie"/>
@@ -375,6 +440,16 @@
     <param pos="0" name="service.product" value="Urchin Tracking Module"/>
   </fingerprint>
 
+  <fingerprint pattern="vxoaSessionID=">
+    <description>Silver Peak Appliance</description>
+    <example>vxoaSessionID=s%3A2650cfe1df092fc617d229d6d6b5dbfc.70yKRpb371czAWFkZWXdNfCSNexQvtiVr%2B3Z51YXbIw; Path=/; HttpOnly; Secure</example>
+    <example>vxoaSessionID=s%3A65e39ce7ae15193cb4bb0f812d20105b.qgHrgV4MtPKWeKwBrfynmxZmn5iaegh%2FRP0nV5ntaE8; Path=/; HttpOnly; Secure</example>
+    <example>vxoaSessionID=s%3A7e17300953b68c4713990a01bd00aa2b.5mg3edagZCkddCmWqMXbp4AOEzTVby6K2z2jfhal7Uw; Path=/; HttpOnly; Secure</example>
+    <param pos="0" name="hw.vendor" value="Silver Peak"/>
+    <param pos="0" name="hw.device" value="Network Appliance"/>
+    <param pos="0" name="hw.product" value="SD-WAN"/>
+  </fingerprint>
+
   <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
     <description>Vignette</description>
     <param pos="1" name="cookie"/>
@@ -399,6 +474,16 @@
     <param pos="0" name="service.product" value="WebTrends"/>
   </fingerprint>
 
+  <fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=.*">
+    <description>Zimbra</description>
+    <example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
+    <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Synacor"/>
+    <param pos="0" name="service.product" value="Zimbra Collaboration Suite"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^(_ZopeId)=.*">
     <description>Zope</description>
     <param pos="1" name="cookie"/>

data/xml/http_servers.xml

@@ -2,6 +2,23 @@
 <fingerprints matches="http_header.server" protocol="http" database_type="service" preference="0.90">
   <!-- HTTP Server headers are matched against these patterns to fingerprint HTTP servers. -->
 
+  <fingerprint pattern="^BASHttpd/([\d.]+)">
+    <description>BASHttpd</description>
+    <example service.version="4.3.24">BASHttpd/4.3.24-release</example>
+    <param pos="0" name="service.product" value="bashttpd"/>
+    <param pos="0" name="service.vendor" value="Avleen Vig"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^monit ([\d.]+)$">
+    <description>Monit</description>
+    <example service.version="5.6">monit 5.6</example>
+    <param pos="0" name="service.vendor" value="Tildeslash"/>
+    <param pos="0" name="service.product" value="Monit"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:tildeslash:monit:{service.version}"/>
+  </fingerprint>
+
   <fingerprint pattern="(?i)^AirTunes/([\d\.]+)$">
     <description>Apple AirTunes/AirPlay, more generally RTSP used by a variety of wireless a/v products</description>
     <example service.version="220.68">AirTunes/220.68</example>
@@ -1785,9 +1802,13 @@
     <param pos="0" name="os.vendor" value="NetApp"/>
     <param pos="0" name="os.family" value="Data ONTAP"/>
     <param pos="0" name="os.product" value="Data ONTAP"/>
-    <param pos="0" name="os.device" value="File Server"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="NAS"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="NetApp"/>
+    <param pos="0" name="hw.family" value="Data ONTAP"/>
+    <param pos="0" name="hw.device" value="NAS"/>
+    <param pos="0" name="hw.product" value="Data ONTAP"/>
   </fingerprint>
 
   <fingerprint pattern="^BlueCoat-Security-Appliance$">
@@ -2372,6 +2393,15 @@
     <param pos="2" name="python.version"/>
   </fingerprint>
 
+  <fingerprint pattern="^Grandstream (GXP[^\s]+) ([\d\.]+)$">
+    <description>Grandstream IP Phone</description>
+    <example hw.product="GXP2020" hw.version="1.2.5.3">Grandstream GXP2020 1.2.5.3</example>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+
   <fingerprint pattern="^HP Web Jetadmin/((?:\d+\.)*\d+)\s*(.*)$">
     <description>Apache variant for web access to HP printers.</description>
     <example>HP Web Jetadmin/2.0.50 (Win32) mod_auth_sspi/1.0.1 mod_ssl/2.0.50 OpenSSL/0.9.6m</example>
@@ -4171,6 +4201,66 @@
     <param pos="2" name="python.version"/>
   </fingerprint>
 
+  <fingerprint pattern="^pve-api-daemon/[\d.]+">
+    <description>Proxmox api daemon</description>
+    <example>pve-api-daemon/3.0</example>
+    <param pos="0" name="service.vendor" value="Proxmox"/>
+    <param pos="0" name="service.product" value="Proxmox"/>
+    <param pos="0" name="os.vendor" value="Proxmox"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Proxmox"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Cherokee/([\d.]+) \(Debian\)$">
+    <description>Cherokee Web Server - Debian variant</description>
+    <example service.version="1.2.104">Cherokee/1.2.104 (Debian)</example>
+    <param pos="0" name="service.vendor" value="Cherokee Project"/>
+    <param pos="0" name="service.product" value="Cherokee"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cherokee-project:cherokee:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Cherokee/([\d.]+) \(Ubuntu\)$">
+    <description>Cherokee Web Server - Ubuntu variant</description>
+    <example service.version="1.2.104">Cherokee/1.2.104 (Ubuntu)</example>
+    <param pos="0" name="service.vendor" value="Cherokee Project"/>
+    <param pos="0" name="service.product" value="Cherokee"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cherokee-project:cherokee:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Ubuntu"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Cherokee/([\d.]+) \(Gentoo Linux\)$">
+    <description>Cherokee Web Server - Gentoo variant</description>
+    <example service.version="1.2.104">Cherokee/1.2.104 (Gentoo Linux)</example>
+    <param pos="0" name="service.vendor" value="Cherokee Project"/>
+    <param pos="0" name="service.product" value="Cherokee"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cherokee-project:cherokee:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Gentoo"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Cherokee(?:/([\d.]+))?(?: \(UNIX\))?$">
+    <description>Cherokee Web Server</description>
+    <example>Cherokee</example>
+    <example service.version="0.2.7">Cherokee/0.2.7</example>
+    <example service.version="1.2.101">Cherokee/1.2.101 (UNIX)</example>
+    <param pos="0" name="service.vendor" value="Cherokee Project"/>
+    <param pos="0" name="service.product" value="Cherokee"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cherokee-project:cherokee:{service.version}"/>
+  </fingerprint>
+
   <!-- This is a version of ACME mini_httpd where the value 'mini_httpd' has been
       replaced with a UUID in the Server header AND body of the response. It
       is likely vendor or product specific.
@@ -4186,4 +4276,33 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^Unspecified, UPnP/[\d\.]+, Unspecified$">
+    <description>UPNP server</description>
+    <example>Unspecified, UPnP/1.0, Unspecified</example>
+    <param pos="0" name="service.family" value="UPnP"/>
+  </fingerprint>
+
+  <fingerprint pattern="^WNR2000v([0-9]) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
+    <description>Netgear WNR2000v5 Router UPnP</description>
+    <example hw.version="5" service.version="1.0">WNR2000v5 UPnP/1.0 miniupnpd/1.0</example>
+    <param pos="1" name="hw.version"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="service.vendor" value="Netgear"/>
+    <param pos="0" name="service.family" value="UPnP"/>
+    <param pos="0" name="service.product" value="MiniUPnP"/>
+    <param pos="0" name="hw.vendor" value="Netgear"/>
+    <param pos="0" name="hw.product" value="WNR2000"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:netgear:wnr2000:{hw.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ev-compat$">
+    <description>PELCO CAMERA DEVICE</description>
+    <example>ev-compat</example>
+    <param pos="0" name="service.vendor" value="Pelco"/>
+    <param pos="0" name="service.family" value="UPnP"/>
+    <param pos="0" name="hw.vendor" value="Pelco"/>
+    <param pos="0" name="hw.device" value="IP Camera"/>
+  </fingerprint>
+
 </fingerprints>